For this they refer constantly to ISO/IEC 27001:2013, but also to other standards from the ISO/IEC 27000 family developed by the IEC and ISO joint technical committee for information technology.

Additionally, the IEC 62443 series of standards developed for industrial-process measurement, control and automation, defines procedures for implementing electronically-secure Industrial Automation and Control Systems (IACS), and is also mentioned as being essential for protection from cyber threats.

Aviation industry stakeholders also list the US National Institute of Standards and Technology (NIST) Cyber Security Framework for Improving Critical Infrastructure, as being vital for cyber security. The framework gives guidance to “identify, protect, detect, respond and recover” from cyber threats in order “to provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk”.

For this, the ‘Framework Core’ refers specifically to ISO/IEC 27001 and to standards from the IEC 62443 series.

In addition to managing and protecting from cyber threats, IEC has developed many international standards which are critical for airport security. For example, for cards and personal identification, for machine-readable passports, machine-readable visas and official travel documents, and standards for biometrics.

ISO/IEC 24713–2:2008 is an international standard covering “biometric profiles for interoperability and data interchange” specific to “physical access control for employees at airports”. It covers the basic biometric functions of enrolment, verification and identification and includes a database interface.

A holistic industry-wide risk management approach to all safety and security aspects, (including physical and cyber security), is essential for the aviation industry. This approach requires close cooperation, communication and exchange of information between all stakeholders and operators, implementation of existing standards and the future adoption of those under development.

Going forward, it is essential that future airports and terminal buildings are secure by design, with physical and cyber security measures incorporated from the design phase, not added later.

About the IEC

The IEC (International Electrotechnical Commission) is the world’s leading organization that prepares and publishes International Standards for all electrical, electronic and related technologies. Close to 20 000 experts from industry, commerce, government, test and research labs, academia and consumer groups participate in IEC Standardization work.